1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
|
This directory contains various certificates for use with SSL-related
unit tests.
- google.binary.p7b
- google.chain.pem
- google.pem_cert.p7b
- google.pem_pkcs7.p7b
- google.pkcs7.p7b
- google.single.der
- google.single.pem
- thawte.single.pem : Certificates for testing parsing of different formats.
- googlenew.chain.pem : The refreshed Google certificate
(valid until Sept 30 2013).
- mit.davidben.der : An expired MIT client certificate.
- foaf.me.chromium-test-cert.der : A client certificate for a FOAF.ME identity
created for testing.
- www_us_army_mil_cert.der
- dod_ca_17_cert.der
- dod_root_ca_2_cert.der :
A certificate chain used for testing certificate imports
- unosoft_hu_cert : Certificate used by X509CertificateTest.UnoSoftCertParsing.
- client.p12 : A PKCS #12 file containing a client certificate and a private
key created for testing. The password is "12345".
- client-nokey.p12 : A PKCS #12 file containing a client certificate (the same
as the one in client.p12) but no private key. The password is "12345".
- punycodetest.der : A test self-signed server certificate with punycode name.
The common name is "xn--wgv71a119e.com" (日本語.com)
- unittest.selfsigned.der : A self-signed certificate generated using private
key in unittest.key.bin. The common name is "unittest".
- unittest.key.bin : private key stored unencrypted.
- unittest.originbound.der: A test origin-bound certificate for
https://www.google.com:443.
- unittest.originbound.key.der: matching PrivateKeyInfo.
- x509_verify_results.chain.pem : A simple certificate chain used to test that
the correctly ordered, filtered certificate chain is returned during
verification, regardless of the order in which the intermediate/root CA
certificates are provided.
- google_diginotar.pem
- diginotar_public_ca_2025.pem : A certificate chain for the regression test
of http://crbug.com/94673
- test_mail_google_com.pem : A certificate signed by the test CA for
"mail.google.com". Because it is signed by that CA instead of the true CA
for that host, it will fail the
TransportSecurityState::IsChainOfPublicKeysPermitted test.
- salesforce_com_test.pem
- verisign_intermediate_ca_2011.pem
- verisign_intermediate_ca_2016.pem : Certificates for testing two
X509Certificate objects that contain the same server certificate but
different intermediate CA certificates. The two intermediate CA
certificates actually represent the same intermediate CA but have
different validity periods.
- multivalue_rdn.pem : A regression test for http://crbug.com/101009. A
certificate with all of the AttributeTypeAndValues stored within a single
RelativeDistinguishedName, rather than one AVA per RDN as normally seen.
- unescaped.pem : Regression test for http://crbug.com/102839. Contains
characters such as '=' and '"' that would normally be escaped when
converting a subject/issuer name to their stringized form.
- 2048-rsa-root.pem
- {768-rsa,1024-rsa,2048-rsa,prime256v1-ecdsa}-intermediate.pem
- {768-rsa,1024-rsa,2048-rsa,prime256v1-ecdsa}-ee-by-
{768-rsa,1024-rsa,2048-rsa,prime256v1-ecdsa}-intermediate.pem
These certficates are generated by
net/data/ssl/scripts/generate-weak-test-chains.sh and used in the
RejectWeakKeys test in net/base/x509_certificate_unittest.cc.
- cross-signed-leaf.pem
- cross-signed-root-md5.pem
- cross-signed-root-sha1.pem
A certificate chain for regression testing http://crbug.com/108514,
generated via scripts/generate-cross-signed-certs.sh
- redundant-validated-chain.pem
- redundant-server-chain.pem
- redundant-validated-chain-root.pem
Two chains, A -> B -> C -> D and A -> B -> C2 (C and C2 share the same
public key) to test that SSLInfo gets the reconstructed, re-ordered
chain instead of the chain as served. See
SSLClientSocketTest.VerifyReturnChainProperlyOrdered in
net/socket/ssl_client_socket_unittest.cc. These chains are valid until
26 Feb 2022 and are generated by
net/data/ssl/scripts/generate-redundant-test-chains.sh.
- comodo.chain.pem : A certificate chain for www.comodo.com which should be
recognised as EV. Expires Jun 21 2013.
- ocsp-test-root.pem : A root certificate for the code in
net/tools/testserver/minica.py
- spdy_pooling.pem : Used to test the handling of spdy IP connection pooling
Generated by using the command
"openssl req -x509 -days 3650 -sha1 -extensions req_spdy_pooling \
-config ../scripts/ee.cnf -newkey rsa:1024 -text \
-out spdy_pooling.pem"
- subjectAltName_sanity_check.pem : Used to test the handling of various types
within the subjectAltName extension of a certificate. Generated by using
the command
"openssl req -x509 -days 3650 -sha1 -extensions req_san_sanity \
-config ../scripts/ee.cnf -newkey rsa:1024 -text \
-out subjectAltName_sanity_check.pem"
- ndn.ca.crt: "New Dream Network Certificate Authority" root certificate.
This is an X.509 v1 certificate that omits the version field. Used to
test that the certificate version gets the default value v1.
- websocket_cacert.pem : The testing root CA for testing WebSocket client
certificate authentication.
This file is used in SSLUITest.TestWSSClientCert.
- websocket_client_cert.p12 : A PKCS #12 file containing a client certificate
and a private key created for WebSocket testing. The password is "".
This file is used in SSLUITest.TestWSSClientCert.
- android-test-key-rsa.pem
- android-test-key-dsa.pem
- android-test-key-dsa-public.pem
- android-test-key-ecdsa.pem
- android-test-key-ecdsa-public.pem
This is a set of test RSA/DSA/ECDSA keys used by the Android-specific
unit test in net/android/keystore_unittest.c. They are used to verify
that the OpenSSL-specific wrapper for platform PrivateKey objects
works properly. See the generate-android-test-keys.sh script.
- client_1.pem
- client_1.key
- client_1_ca.pem
- client_2.pem
- client_2.key
- client_2_ca.pem
This is a set of files used to unit test SSL client certificate
authentication. These are generated by
net/data/ssl/scripts/generate-client-certificates.sh
- client_1_ca.pem and client_2_ca.pem are the certificates of
two distinct signing CAs.
- client_1.pem and client_1.key correspond to the certificate and
private key for a first certificate signed by client_1_ca.pem.
- client_2.pem and client_2.key correspond to the certificate and
private key for a second certificate signed by client_2_ca.pem.
- eku-test-root.pem
- non-crit-codeSigning-chain.pem
- crit-codeSigning-chain.pem
Two code-signing certificates (eKU: codeSigning; eKU: critical,
codeSigning) which we use to test that clients are making sure that web
server certs are checked for correct eKU fields (when an eKU field is
present). Since codeSigning is not valid for web server auth, the checks
should fail.
- duplicate_cn_1.p12
- duplicate_cn_1.pem
- duplicate_cn_2.p12
- duplicate_cn_2.pem
Two certificates from the same issuer that share the same common name,
but have distinct subject names (namely, their O fields differ). NSS
requires that certificates have unique nicknames if they do not share the
same subject, and these certificates are used to test that the nickname
generation algorithm generates unique nicknames.
The .pem versions contain just the certs, while the .p12 versions contain
both the cert and a private key, since there are multiple ways to import
certificates into NSS.
- aia-cert.pem
- aia-intermediate.der
- aia-root.pem
A certificate chain which we use to ensure AIA fetching works correctly
when using NSS to verify certificates (which uses our HTTP stack).
aia-cert.pem has a caIssuers that points to "aia-test.invalid" as the URL
containing the intermediate, which can be served via a URLRequestFilter.
aia-intermediate.der is stored in DER form for convenience, since that is
the form expected of certificates discovered via AIA.
- cybertrust_gte_root.pem
- cybertrust_baltimore_root.pem
- cybertrust_omniroot_chain.pem
- cybertrust_baltimore_cross_certified_1.pem
- cybertrust_baltimore_cross_certified_2.pem
These certificates are reflect a portion of the CyberTrust (Verizon
Business) CA hierarchy. _gte_root.pem is a legacy 1024-bit root that is
still widely supported, while _baltimore_root.pem reflects the newer
2048-bit root. For clients that only support the GTE root, two versions
of the Baltimore root were cross-signed by GTE, namely
_cross_certified_[1,2].pem. _omniroot_chain.pem contains a certificate
chain that was issued under the Baltimore root. Combined, these
certificates can be used to test real-world cross-signing; in practice,
they are used to test certain workarounds for OS X's chain building code.
- no_subject_common_name_cert.pem: Used to test the function that generates a
NSS certificate nickname for a user certificate. This certificate's Subject
field doesn't have a common name.
- expired_cert.pem
- ok_cert.pem
- root_ca_cert.pem
These certificates are the common certificates used by the Python test
server for simulating HTTPS connections. They are generated by running
the script net/data/ssl/scripts/generate-test-certs.sh.
- quic_intermediate.crt
- quic_test_ecc.example.com.crt
- quic_test.example.com.crt
- quic_root.crt
These certificates are used by the ProofVerifier's unit tests of QUIC.
- explicit-policy-chain.pem
A test certificate chain with requireExplicitPolicy field set on the
intermediate, with SkipCerts=0. This is used for regression testing
http://crbug.com/31497. It is generated by running the script
net/data/ssl/scripts/generate-policy-certs.sh
- ct-test-embedded-cert.pem
- ct-test-embedded-with-intermediate-chain.pem
- ct-test-embedded-with-intermediate-preca-chain.pem
- ct-test-embedded-with-preca-chain.pem
Test certificate chains for Certificate Transparency: Each of these
files contains a leaf certificate as the first certificate, which has
embedded SCTs, followed by the issuer certificates chain.
All files are from the src/test/testdada directory in
https://code.google.com/p/certificate-transparency/
|
